CISSP Practice Questions Free – 50 Exam-Style Questions to Sharpen Your Skills
Are you preparing for the CISSP certification exam? Kickstart your success with our CISSP Practice Questions Free – a carefully selected set of 50 real exam-style questions to help you test your knowledge and identify areas for improvement.
Practicing with free CISSP practice questions gives you a powerful edge by allowing you to:
- Understand the exam structure and question formats
- Discover your strong and weak areas
- Build the confidence you need for test day success
Below, you will find 50 free CISSP practice questions designed to match the real exam in both difficulty and topic coverage. They’re ideal for self-assessment or final review.
The Chief Information Security Officer (CISO) of an organization has requested that a Service Organization Control (SOC) report be created to outline the security and availability of a particular system over a 12-month period. Which type of SOC report should be utilized?
A. SOC 1 Type 1
B. SOC 1 Type 2
C. SOC 2 Type 2
D. SOC 3 Type 1
Which combination of cryptographic algorithms is compliant with Federal Information Processing Standard (FIPS) Publication 140-2 for non-legacy systems?
A. Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric Key: Advanced Encryption Standard (AES) > 128 bits; Digital Signature: Digital Signature Algorithm (DSA) (>=2048 bits)
B. Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric Key: Advanced Encryption Standard (AES) > 128 bits; Digital Signature: Rivest-Shamir-Adleman (RSA) (1024 bits)
C. Diffie-Hellman (DH) key exchange: DH (=2048 bits)
D. Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric Key: Advanced Encryption Standard (AES) =256 bits)
A company is enrolled in a hard drive reuse program where decommissioned equipment is sold back to the vendor when it is no longer needed. The vendor pays more money for functioning drives than equipment that is no longer operational. Which method of data sanitization would provide the most secure means of preventing unauthorized data loss, while also receiving the most money from the vendor?
A. Pinning
B. Single-pass wipe
C. Multi-pass wipes
D. Degaussing
Which of the following is a MUST for creating a new custom-built, cloud-native application designed to be horizontally scalable?
A. Network as a Service (NaaS)
B. Platform as a Service (PaaS)
C. Infrastructure as a Service (IaaS)
D. Software as a Service (SaaS)
An employee's home address should be categorized according to which of the following references?
A. The consent form terms and conditions signed by employees
B. An organization security plan for human resources
C. Existing employee data classifications
D. The organization’s data classification model
A new internal auditor is tasked with auditing the supply chain. The system owner stated that the last internal auditor was terminated because the auditor discovered too many deficient controls. The auditor reports this conversation to their manager. Which of the following audit integrity principles BEST applies to this situation?
A. Demonstrate competence while performing professional duties.
B. Perform professional duties with honesty, diligence, and responsibility.
C. Perform professional duties in accordance with company policy.
D. Be aware of any influences that may be exerted on professional judgement.
Which of the following is a common term for log reviews, synthetic transactions, and code reviews?
A. Application development
B. Spiral development functional testing
C. Security control testing
D. DevOps Integrated Product Team (IPT) development
A software development company has a short timeline in which to deliver a software product. The software development team decides to use open-source software libraries to reduce the development time. What concept should software developers consider when using open-source software libraries?
A. Open source libraries contain known vulnerabilities, and adversaries regularly exploit those vulnerabilities in the wild.
B. Open source libraries can be used by everyone, and there is a common understanding that the vulnerabilities in these libraries will not be exploited.
C. Open source libraries contain unknown vulnerabilities, so they should not be used.
D. Open source libraries are constantly updated, making it unlikely that a vulnerability exists for an adversary to exploit.
Which of the following is an important design feature for the outer door of a mantrap?
A. Allow it to be opened by an alarmed emergency button.
B. Do not allow anyone to enter it alone.
C. Do not allow it to be observed by closed-circuit television (CCTV) cameras.
D. Allow it to be opened when the inner door of the mantrap is also open.
Which of the following are key activities when conducting a security assessment?
A. Schedule, collect, examine
B. Interview, examine, simulate
C. Collect, interview, test
D. Examine, interview, test
Which of the following is a strong security protection provided by Trusted Platform Module (TPM)?
A. Providing data integrity through digital signatures
B. Creation of a secure kernel
C. Separation of encryption keys from storage devices
D. Reporting of system integrity
Which of the following terms is used for online service providers operating within a federation?
A. Active Directory Federation Services (ADFS)
B. Relying party (RP)
C. Single sign-on (SSO)
D. Identity and access management (IAM)
The initial security categorization should be done early in the system life cycle and should be reviewed periodically. Why is it important for this to be done correctly?
A. It determines the functional and operational requirements.
B. It determines the security requirements.
C. It affects other steps in the certification and accreditation process.
D. The system engineering process works with selected security controls.
When recovering from an outage, what is the Recovery Point Objective (RPO), in terms of data recovery?
A. The RPO is the minimum amount of data that needs to be recovered.
B. The RPO is the amount of time it takes to recover an acceptable percentage of data lost.
C. The RPO is a goal to recover a targeted percentage of data lost.
D. The RPO is the maximum amount of time for which loss of data is acceptable.
Which is the PRIMARY mechanism for providing the workforce with the information needed to protect an agency's vital information resources?
A. Implementation of access provisioning process for coordinating the creation of user accounts
B. Incorporating security awareness and training as part of the overall information security program
C. An information technology (IT) security policy to preserve the confidentiality, integrity, and availability of systems
D. Execution of periodic security and privacy assessments to the organization
Which of the following should be included in a good defense-in-depth strategy provided by object-oriented programming for software development?
A. Polymorphism
B. Inheritance
C. Polyinstantiation
D. Encapsulation
Which stage in the identity management (IdM) lifecycle constitutes the GREATEST risk for an enterprise if performed incorrectly?
A. Propagating
B. Deprovisioning
C. Provisioning
D. Maintaining
The security team plans on using automated account reconciliation in the corporate user access review process. Which of the following must be implemented for the BEST results with fewest errors when running the audit?
A. Frequent audits
B. Segregation of Duties (SoD)
C. Removal of service accounts from review
D. Clear provisioning policies
What level of Redundant Array of Independent Disks (RAID) is configured PRIMARILY for high-performance data reads and writes?
A. RAID-0
B. RAID-1
C. RAID-5
D. RAID-6
An organization has experienced multiple distributed denial-of-service (DDoS) attacks in recent months that have impacted its public-facing web and e-commerce sites, which were previously all on-premises. After an analysis of the problems, the network engineers have recommended that the organization implement additional name service providers and redundant network paths. What is another recommendation that helps ensure the future availability of their web and e-commerce sites?
A. Move all cloud-based operations back to on-premises to mitigate attacks.
B. Move all websites to a new location.
C. Review current detection strategies and employ signature-based techniques.
D. Review the service-level agreements (SLA) with their cloud service providers.
Which algorithm gets its security from the difficulty of calculating discrete logarithms in a finite field and is used to distribute keys, but cannot be used to encrypt or decrypt messages?
A. Kerberos
B. Digital Signature Algorithm (DSA)
C. Diffie-Hellman
D. Rivest-Shamir-Adleman (RSA)
A security practitioner detects an Endpoint attack on the organization's network. What is the MOST reasonable approach to mitigate future Endpoint attacks?
A. Remove all non-essential client-side web services from the network.
B. Harden the client image before deployment.
C. Screen for harmful exploits of client-side services before implementation.
D. Block all client-side web exploits at the perimeter.
Under the General Data Protection Regulation (GDPR), what is the maximum amount of time allowed for reporting a personal data breach?
A. 24 hours
B. 48 hours
C. 72 hours
D. 96 hours
Which of the following should be done at a disaster site before any item is removed, repaired, or replaced?
A. Communicate with the press following the communications plan
B. Dispatch personnel to the disaster recovery (DR) site
C. Take photos of the damage
D. Notify all of the Board of Directors
What is the overall goal of software security testing?
A. Identifying the key security features of the software
B. Ensuring all software functions perform as specified
C. Reducing vulnerabilities within a software system
D. Making software development more agile
Which of the following measures serves as the BEST means for protecting data on computers, smartphones, and external storage devices when traveling to high-risk countries?
A. Review applicable destination country laws, forensically clean devices prior to travel, and only download sensitive data over a virtual private network (VPN) upon arriving at the destination.
B. Leverage a Secure Socket Layer (SSL) connection over a virtual private network (VPN) to download sensitive data upon arriving at the destination.
C. Keep laptops, external storage devices, and smartphones in the hotel room when not in use.
D. Use multi-factor authentication (MFA) to gain access to data stored on laptops or external storage devices and biometric fingerprint access control mechanisms to unlock smartphones.
What part of an organization's strategic risk assessment MOST likely includes information on items affecting the success of the organization?
A. Threat analysis
B. Vulnerability analysis
C. Key Performance Indicator (KPI)
D. Key Risk Indicator (KRI)
A client server infrastructure that provides user-to-server authentication describes which one of the following?
A. Secure Sockets Layer (SSL)
B. User-based authorization
C. Kerberos
D. X.509
What type of investigation applies when malicious behavior is suspected between two organizations?
A. Regulatory
B. Operational
C. Civil
D. Criminal
In software development, developers should use which type of queries to prevent a Structured Query Language (SQL) injection?
A. Parameterised
B. Controlled
C. Dynamic
D. Static
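Worked example, added to this page and not part of the original question set: the same login lookup written once with string concatenation and once with bound parameters, run against a constructed in-memory SQLite table. The table rows and the two payloads are made up for the demonstration, and passwords are kept in clear only to keep it short; a real user store would hold password hashes.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed in-memory table standing in for an application's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_dynamic(conn: sqlite3.Connection, username: str, password: str) -> list:
    # VULNERABLE: input is concatenated into the statement text, so input can
    # change the structure of the query rather than only its compared values.
    sql = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_parameterised(conn: sqlite3.Connection, username: str, password: str) -> list:
    # SAFE: placeholders fix the statement's structure at parse time; the
    # values are bound afterwards and are never interpreted as SQL.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Two classic payloads (constructed): a tautology in the password field, and a
# comment sequence in the username that discards the password check entirely.
TAUTOLOGY = "' OR '1'='1"
COMMENT_OUT = "alice' --"

if __name__ == "__main__":
    db = make_db()
    print(login_dynamic(db, "alice", TAUTOLOGY))         # every row
    print(login_dynamic(db, COMMENT_OUT, "wrong"))       # alice, no password
    print(login_parameterised(db, "alice", TAUTOLOGY))   # []
    print(login_parameterised(db, COMMENT_OUT, "wrong")) # []
```

The concatenated version turns `' OR '1'='1` into `... AND password = '' OR '1'='1'`, which is true for every row, and `alice' --` comments out the rest of the WHERE clause. With bound parameters the same strings are simply compared as literal values and match nothing. The same rule applies to stored procedures and ORMs: any place where user input is spliced into statement text, including table or column names that placeholders cannot cover, needs a strict allow-list instead.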
Which of the following processes is BEST used to determine the extent to which modifications to an information system affect the security posture of the system?
A. Patch management
B. Continuous monitoring
C. Configuration change control
D. Security impact analysis
Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device which has been stolen?
A. Mobile Device Management (MDM) with device wipe
B. Mobile device tracking with geolocation
C. Virtual private network (VPN) with traffic encryption
D. Whole device encryption with key escrow
Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?
A. File Integrity Checker
B. Security information and event management (SIEM) system
C. Audit Logs
D. Intrusion detection system (IDS)
Which one of the following BEST protects vendor accounts that are used for emergency maintenance?
A. Vendor access should be disabled until needed
B. Frequent monitoring of vendor access
C. Role-based access control (RBAC)
D. Encryption of routing tables
In systems security engineering, what does the security principle of modularity provide?
A. Minimal access to perform a function
B. Documentation of functions
C. Isolated functions and data
D. Secure distribution of programs and data
Which of the following are common components of a Security Assertion Markup Language (SAML) based federation system?
A. Client, Service Provider, identity provider (IdP), Token
B. Client, Service Provider, Resource Server, Grant
C. Client, Authorization Server, identity provider (IdP), Claim
D. Client, Authorization Server, Resource Server, Assertion
What is the FIRST step that should be considered in a Data Loss Prevention (DLP) program?
A. Policy creation
B. Information Rights Management (IRM)
C. Data classification
D. Configuration management (CM)
Which of the following encryption technologies has the ability to function as a stream cipher?
A. Cipher Block Chaining (CBC) with error propagation
B. Electronic Code Book (ECB)
C. Cipher Feedback (CFB)
D. Feistel cipher
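Worked example, added to this page and not part of the original question set: Cipher Feedback mode implemented over a stand-in block function to show why it behaves as a stream cipher. The block function here is HMAC-SHA256 truncated to 16 bytes (an assumption made so the example runs with the standard library alone; in practice the block function is AES from a vetted library). The key, IV and message are constructed for the demonstration.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes, as for AES


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for a real block cipher (assumption: keyed SHA-256, truncated).
    # CFB only ever calls the forward direction, even when decrypting, which is
    # why a one-way keyed function is enough to show the mode's mechanics.
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def _xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, so a partial final chunk just uses
    # the first len(chunk) keystream bytes: no padding is ever needed.
    return bytes(x ^ y for x, y in zip(a, b))


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    assert len(iv) == BLOCK
    register, out = iv, bytearray()
    for i in range(0, len(plaintext), BLOCK):
        chunk = plaintext[i:i + BLOCK]
        cipher_chunk = _xor(chunk, block_encrypt(key, register))
        out += cipher_chunk
        register = cipher_chunk          # previous ciphertext feeds back
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    assert len(iv) == BLOCK
    register, out = iv, bytearray()
    for i in range(0, len(ciphertext), BLOCK):
        chunk = ciphertext[i:i + BLOCK]
        out += _xor(chunk, block_encrypt(key, register))
        register = chunk                 # same keystream derivation as encrypt
    return bytes(out)


def ecb_fits(length: int) -> bool:
    # ECB (and CBC) can only process whole blocks; anything else needs padding.
    return length % BLOCK == 0


def bit_flip_effect(key: bytes, iv: bytes, plaintext: bytes, index: int) -> list:
    # Flip one ciphertext bit and report, per plaintext block, whether it still
    # decrypts correctly: CFB damages that block and the next one, then resyncs.
    ct = bytearray(cfb_encrypt(key, iv, plaintext))
    ct[index] ^= 0x01
    pt = cfb_decrypt(key, iv, bytes(ct))
    return [pt[i:i + BLOCK] == plaintext[i:i + BLOCK]
            for i in range(0, len(plaintext), BLOCK)]


# Constructed sample inputs: 43-byte message, i.e. two full blocks plus 11 bytes.
KEY = bytes(range(16))
IV = b"\x42" * 16
MSG = b"The quick brown fox jumps over the lazy dog"

if __name__ == "__main__":
    ct = cfb_encrypt(KEY, IV, MSG)
    print(len(ct), cfb_decrypt(KEY, IV, ct) == MSG, ecb_fits(len(MSG)))
    print(bit_flip_effect(KEY, IV, MSG, 0))
```

Two properties fall out of the code: the ciphertext is exactly as long as the plaintext (the keystream is generated a block at a time but consumed byte by byte), and a corrupted ciphertext block garbles only itself and the one after it, after which the feedback register is clean again. CFB, OFB and CTR all use the block cipher this way; ECB and CBC cannot, which is why they need padding. As with any stream mode, reusing the IV with the same key exposes the XOR of the two plaintexts.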
A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS). Which of the following factors leads the company to choose an IDaaS as their solution?
A. In-house team lacks resources to support an on-premise solution.
B. Third-party solutions are inherently more secure.
C. Third-party solutions are known for transferring the risk to the vendor.
D. In-house development provides more control.
What is the benefit of using Network Admission Control (NAC)?
A. NAC only supports Windows operating systems (OS).
B. NAC supports validation of the endpoint’s security posture prior to allowing the session to go into an authorized state.
C. NAC can require the use of certificates, passwords, or a combination of both before allowing network admission.
D. Operating system (OS) versions can be validated prior to allowing network access.
A large law firm would like to enable employees to participate in a bring your own device (BYOD) program. Only devices with up-to-date antivirus and operating system (OS) patches will be allowed on the network. Which solution will BEST enforce the security requirements?
A. Endpoint Detection and Response
B. Next-Generation Firewall
C. Intrusion detection and prevention system (IDPS)
D. Network Access Control (NAC)
Which of the following is an indicator that a company's new user security awareness training module has been effective?
A. There are more secure connections to internal e-mail servers.
B. More incidents of phishing attempts are being reported.
C. Fewer incidents of phishing attempts are being reported.
D. There are more secure connections to the internal database servers.
What are the essential elements of a Risk Assessment Report (RAR)?
A. Executive summary, body of the report, and appendices
B. Executive summary, graph of risks, and process
C. Table of contents, testing criteria, and index
D. Table of contents, chapters, and executive summary
Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using which protocol?
A. Extensible Authentication Protocol (EAP)
B. Internet Protocol Security (IPsec)
C. Secure Sockets Layer (SSL)
D. Secure Shell (SSH)
Which of the following is a covert channel type?
A. Pipe
B. Memory
C. Storage
D. Monitoring
A financial services organization has employed a security consultant to review processes used by employees across various teams. The consultant interviewed a member of the application development practice and found gaps in their threat model. Which of the following correctly represents a trigger for when a threat model should be revised?
A. After operating system (OS) patches are applied
B. A new developer is hired into the team.
C. After a modification to the firewall rule policy
D. A new data repository is added.
A software developer wishes to write code that will execute safely and only as intended. Which of the following programming language types is MOST likely to achieve this goal?
A. Weakly typed
B. Dynamically typed
C. Strongly typed
D. Statically typed
Which Open Systems Interconnection (OSI) layer(s) BEST corresponds to the network access layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) model?
A. Data Link and Physical Layers
B. Session and Network Layers
C. Transport Layer
D. Application, Presentation, and Session Layers
Which evidence collecting technique would be utilized when it is believed an attacker is employing a rootkit and a quick analysis is needed?
A. Forensic disk imaging
B. Live response
C. Memory collection
D. Malware analysis
A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to the log file to ensure requirements are met?
A. Execute
B. Read
C. Write
D. Append
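Worked example, added to this page and not part of the original question set: what an append-only log looks like at the POSIX level. The log path and records are constructed in a temporary directory for the demonstration. The kernel honours `O_APPEND` on every write through that descriptor, so even a writer that seeks back to offset 0 cannot overwrite an earlier record.

```python
import os
import tempfile


def open_append_only(path: str) -> int:
    # O_APPEND: before each write the kernel moves the offset to end-of-file,
    # so existing records can't be overwritten through this descriptor.
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o640)


def write_records(path: str, records) -> bytes:
    fd = open_append_only(path)
    try:
        for rec in records:
            os.write(fd, rec)
    finally:
        os.close(fd)
    with open(path, "rb") as f:
        return f.read()


def attempt_overwrite(path: str) -> bytes:
    # Seek to the start and write: with O_APPEND the data still lands at the end.
    fd = open_append_only(path)
    try:
        os.lseek(fd, 0, os.SEEK_SET)
        os.write(fd, b"OVERWRITE\n")
    finally:
        os.close(fd)
    with open(path, "rb") as f:
        return f.read()


def demo() -> bytes:
    # Constructed audit records standing in for application activity logging.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "audit.log")
        write_records(path, [b"login alice ok\n", b"login bob fail\n"])
        return attempt_overwrite(path)


if __name__ == "__main__":
    print(demo().decode(), end="")
```

The caveat a practitioner should know: `O_APPEND` is chosen by the process opening the file, and ordinary write permission still lets that process reopen without it or truncate the file. To enforce append-only against the writer itself you need filesystem support (on Linux `chattr +a`, which requires the `CAP_LINUX_IMMUTABLE` capability), or you forward records to a separate log host so that a compromised application cannot reach its own history.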
Free Access Full CISSP Practice Questions Free
Want more hands-on practice? Click here to access the full bank of CISSP practice questions free and reinforce your understanding of all exam objectives.
We update our question sets regularly, so check back often for new and relevant content.
Good luck with your CISSP certification journey!